What To Do If Someone Dumps Your Company's Internal Documents On The Internet

IR professionals learn to expect the unexpected and have crisis communications plans for everything
from a product recall to a missed quarter.

But the recent rise of massive document dumping on WikiLeaks.org
has created a new potential threat to consider: mountains of
internal documents finding their way into the public domain
without warning.

In a recent interview with Forbes columnist Andy Greenberg,
WikiLeaks founder Julian Assange warned that his next mega-leaks
will focus not on leaked government memos but on corporate
secrets.

Even if legal troubles hamstring the site, the publicity
surrounding WikiLeaks has inspired copycat sites around the
world, forever changing the landscape for information security.
The phenomenon ‘adds up to a reputational risk companies didn’t
have to think about a year ago,’ according to James Lewis, a
cyber security expert at the Center for Strategic &
International Studies, who was interviewed for the Forbes piece.

Published just prior to Assange’s most recent release of US
Department of State cables, and his subsequent arrest on a sexual
assault warrant from Sweden, the Forbes article describes how
WikiLeaks.org had to shut down its intake system for leaked
documents last fall because the inflow was outpacing the site’s
ability to publish the data, much of it from companies rather
than governments.

‘Our pipeline of leaks has been increasing exponentially as our
profile rises,’ Assange told Forbes. ‘Corporate leaks are an
important phenomenon. And they’re only going to
increase.’

Inside Investor Relations asked seasoned IR
counselors to share their thinking on how to deal with this new
landscape. Roger Pondel, president and CEO of PondelWilkinson, advises that ‘a leak loses
its power once it’s exposed and becomes a news story. Rather than
fighting it, professional communications resources must be
applied to controlling the story in the media and minimizing
brand damage.’

Because it’s such a new phenomenon, Pondel says ‘preparing
management against a WikiLeaks threat, up to now, has been rare.’
He adds that ‘high-profile companies may well be the most
vulnerable in the long run. Once information is leaked, aside
from conducting an internal investigation as to the source, the
company must be upfront and prepared with a public statement, to
get as far ahead of the story as possible with accurate
messaging.’

Brad Wilks, managing director at Sard Verbinnen, says best practices have not
changed, despite the new threat posed by WikiLeaks. ‘I don’t
believe we are giving any substantially different advice to
clients,’ he comments.

‘Obviously, every company needs to instill a culture that
respects confidentiality of non-public material data that could
be embarrassing – or worse – if leaked externally, and should
have policies to make sure such information is safeguarded to the
greatest extent possible.’

Both counselors pointed to the value of being well prepared. An
unexpected leak ‘can be responded to within the context of a
broader crisis response plan in which all the key players and
most potential scenarios have been identified well in advance, so
a team can be activated quickly,’ Wilks says.

Wilks and Pondel are also clear on the need to respond to
negative information forthrightly. ‘If an instance arose in which
malfeasance was implied or evident from leaked data, our advice
would be to work closely with the general counsel, outside legal
advisers and independent board in determining a response,’
explains Wilks.

Assange himself has some advice for companies, which he provided
in the Forbes interview: ‘Do things to encourage leaks from
dishonest competitors. Be as open and honest as possible. Treat
your employees well.’